“The NSA discovered an error in the Microsoft code that verifies those signatures, potentially enabling a hacker to forge the signature”https://www.washingtonpost.com/national-security/nsa-found-a-dangerous-microsoft-software-flaw-and-alerted-the-firm--rather-than-weaponize-it/2020/01/14/f024c926-3679-11ea-bb7b-265f4554af6d_story.html …
-
-
Oooh, now, that's fun.
-
Client cert or similar auth could make this very bad(tm) too....
- 3 more replies
New conversation -
-
-
A big thing I've not found in any writeup is a list of which major browsers use the affected windows crypto libraries and are therefore also vulnerable to MITM attacks until you update windows. Firefox uses NSS - does that mean it is not susceptible? What about Chrome, Edge, etc?
-
Chrome uses the affected library. As do Edge and IE. To be honest, Firefox is the only Windows browser I'm aware of at the moment that rolls their own crypto.
- 2 more replies
New conversation -
-
-
Microsoft's documentation also says TLS; everyone reads these, right?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
This Tweet is unavailable.
-
This Tweet is unavailable.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.